Effects of Recent Federal Policies on Security and Resiliency Landscapes
|
|
- Anna Alexandra Burns
- 7 years ago
- Views:
Transcription
1 Effects of Recent Federal Policies on Security and Resiliency Landscapes SESSION ID: PNG-F03A Dr. Nader Mehravari Resilience Management Team Software Engineering Institute Carnegie Mellon University
2 Session Abstract Recent executive orders, presidential policy directives, and federal agency activities are affecting strategies and practices for cybersecurity protection and resilience of the nation s critical infrastructure. What are they? How are they related to previous such actions? How are they affecting cybersecurity and resilience strategies of owners and operators of nation s critical infrastructure? What is the role of federal government in responding cyber attacks?
3 Setting the Stage What policy developments took place in February 2013? Why are these developments important?
4 Developments During the Week of Feb. 12, 2013 President s State of Union Address Executive Order (Improving Critical Infrastructure Cybersecurity) Presidential Policy Directive PPD 21 (Critical Infrastructure Security and Resilience) NIST s Plans for Development of a Cybersecurity Framework
5 Why are these developments important? In the past, there have been Executive Orders, Presidential Policy Directives, and/or legislative actions with major effects on: Disaster planning Crisis management Identity management Emergency communications Critical infrastructure protection Application of DR/BC/InfoSec national & int l standards Conditions are ripe for the recent policy developments to significantly affect cybersecurity and resiliency landscapes.
6 Historical Background Source of Federal Regulations Congressional Activities Presidential Executive Orders Presidential Policy Directive
7 Sources of Federal Regulations In the United States, cybersecurity and resiliency regulation comprises: Legislation from Congress Directives from the Executive Branch
8 Congressional Cybersecurity Activities Congress has been holding hearings related to cybersecurity every year since 2001 Number of bills and resolutions introduced with provisions related to cybersecurity 111 th Congress 60+ (January 2009 January 2011) 112 th Congress 40+ (January 2011 January 2013) 113 th Congress 17 (as of May 22, 2013) No comprehensive cybersecurity legislation has been enacted since 2002.
9 What are Presidential Executive Orders? United States Presidents issue executive orders to help officers and agencies of the executive branch manage the operations within the federal government itself. Executive orders have the full force of law. Certain executive orders focus on national security issues.
10 Some Key Examples Year Administration Created 1963 JF Kennedy National Communications Systems (NCS) 1984 R Reagan Gov t Emergency Telecom. Service (GETS) 2002 GW Bush Department of Homeland Security 2003 GW Bush HSPD 7: National Infrastructure Protection Plan (NIPP) 2006 GW Bush Integrated Public Alert and Warning System (IPAWS)
11 Description of February 2013 Policy Developments Executive Order No Presidential Policy Directive PPD 21 NIST Initiating Development of a Cybersecurity Framework
12 EO # and PPD #21 Executive Order Presidential Policy Directive PPD 21 Issuance Date Tuesday, February, 12, 2013 Title Improving Critical Infrastructure Cybersecurity Overall Objective Classification Critical Infrastructure Security and Resilience To enhance the security and resilience of the Nation's critical infrastructure Unclassified
13 Messages of Executive Order & PPD Our country s reliance on cyber systems to run everything from power plants to pipelines and hospitals to highways has increased dramatically, and our infrastructure is more physically and digitally interconnected than ever The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront Steps must be taken to enhance existing efforts to increase the protection and resilience of critical infrastructure, while maintaining a cyber environment that encourages efficiency, innovation, and economic prosperity, while protecting privacy and civil liberties
14 Overall Objectives of EO and PPD To strengthen the security and resilience of critical infrastructure against evolving threats through an updated and overarching national framework that acknowledges the increased role of cybersecurity in securing physical assets. Together, the EO and PPD create an opportunity to reinforce the need for holistic thinking about security risk management and drive action toward a whole of community approach to security and resilience.
15 NIST Framework Development Process Engage the Framework Stakeholders Collect, Categorize, & Post RFI Responses Analyze RFI Responses Select Framework Components Prepare & Publish Preliminary Framework February 2013 NIST Issues RFI April 3, st Framework Workshop April 8, 2013 RFI Responses Posted May 15, 2013 Identify Common Practices/Themes May 29 31, nd Framework Workshop June 2013 Draft Initial Framework July rd Framework Workshop September th Framework Workshop October 2013 Publish Preliminary Framework November th Framework Workshop December 2013 Public comment period February 2014 Release Official Framework Release Official Framework
16 Closing Thoughts
17 Observation: Taking Actions Before & After major national disruptive events After Cuban Missile Crisis Presidential Memorandum of August 21, 1963 (NCS) After September 11 HSPD 1, 5, 7, 8, 12, 20, 21 Homeland Security Act of 2002 PS PREP After Mailings of Anthrax Spores Homeland Security Act of 2002 (DHS) After Hurricane Katrina EO (IPAWS) PPD 63 (CIP) EO and PPD 21 (CI Security and Resilience)
18 Observation: PPD-21 accounts for: new risk environment key lessons learned drive toward enhanced capabilities HSPD 7 Terrorist Attacks Physical Systems PPD 21 Security & Resilience of CI (protection + operating under stress) All hazards Recognizes CI cybersecurity a matter of national security
19 Question: Enable active defenses? An active shooter in a bank lobby would likely meet deadly force in response Should organizations be legally allowed to fight back when under cyber attack? Do we need policies and regulations governing such active cyber defenses?
20 Question: National defenses If a foreign state fired a missile at a US bank HQ, it would meet immediate military defense Should military-grade cyber defenses be deployed to protect US businesses that are under attack by foreign states? Do we need another exception to the Posse Comitatus Act to enable military cyber response to large-scale cyber attacks on US critical infrastructure?
21 Thank you for your attention
How To Write A Cybersecurity Framework
NIST Cybersecurity Framework Overview Executive Order 13636 Improving Critical Infrastructure Cybersecurity 2nd ENISA International Conference on Cyber Crisis Cooperation and Exercises Executive Order
More informationCritical Infrastructure Cybersecurity Framework. Overview and Status. Executive Order 13636 Improving Critical Infrastructure Cybersecurity
Critical Infrastructure Cybersecurity Framework Overview and Status Executive Order 13636 Improving Critical Infrastructure Cybersecurity Executive Order: Improving Critical Infrastructure Cybersecurity
More informationCybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity
Cybersecurity Framework Executive Order 13636 Improving Critical Infrastructure Cybersecurity National Institute of Standards and Technology (NIST) Mission To promote U.S. innovation and industrial competitiveness
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity Implementation of Executive Order 13636 NARUC Winter Committee Meeting Committee & Staff Committee on Critical Infrastructure February 15,
More informationNIST Cybersecurity Initiatives. ARC World Industry Forum 2014
NIST Cybersecurity Initiatives Keith Stouffer and Vicky Pillitteri NIST ARC World Industry Forum 2014 February 10-13, 2014 Orlando, FL National Institute of Standards and Technology (NIST) NIST s mission
More informationNH!ISAC"ADVISORY"201.13" NATIONAL"CRITICAL"INFRASTRUCTURE"RESILIENCE"ANALYSIS"REPORT""
National(Health#ISAC#(NH!ISAC) GlobalInstituteforCybersecurity+Research7GlobalSituationalAwarenessCenter NASA SpaceLifeSciencesLaboratory KennedySpaceCenter,FL NH!ISACADVISORY201.13 NATIONALCRITICALINFRASTRUCTURERESILIENCEANALYSISREPORT
More informationPreventing and Defending Against Cyber Attacks June 2011
Preventing and Defending Against Cyber Attacks June 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their unclassified
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity Implementation of Executive Order 13636 8 April 2015 cyberframework@nist.gov Agenda Mission of NIST Cybersecurity at NIST Cybersecurity Framework
More informationNIST Cybersecurity Framework. ARC World Industry Forum 2014
NIST Cybersecurity Framework Vicky Yan Pillitteri NIST ARC World Industry Forum 2014 February 10-13, 2014 Orlando, FL Executive Order 13636 Improving Critical Infrastructure Cybersecurity It is the policy
More informationPreventing and Defending Against Cyber Attacks October 2011
Preventing and Defending Against Cyber Attacks October 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their
More informationUpdate on U.S. Critical Infrastructure and Cybersecurity Initiatives
Update on U.S. Critical Infrastructure and Cybersecurity Initiatives Presented to Information Security Now! Seminar Helsinki, Finland May 8, 2013 MARK E. SMITH Assistant Director International Security
More informationPROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM
PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM Don Dickinson Phoenix Contact USA P.O. Box 4100 Harrisburg, PA 17111 ABSTRACT Presidential Executive Order 13636 Improving
More informationCybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014
Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Victoria Yan Pillitteri Advisor for Information Systems Security
More informationCybersecurity: Authoritative Reports and Resources
Cybersecurity: Authoritative Reports and Resources Rita Tehan Information Research Specialist October 25, 2013 Congressional Research Service 7-5700 www.crs.gov R42507 Report Documentation Page Form Approved
More informationThe Comprehensive National Cybersecurity Initiative
The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we
More informationSeptember 4, 2003. appearing before you today. I am here to testify about issues and challenges in providing for
Testimony of John A. McCarthy, Director of the Critical Infrastructure Protection Project, George Mason School of Law Before a joint hearing of the House Subcommittee on Infrastructure Security and The
More informationCybersecurity: Authoritative Reports and Resources
Cybersecurity: Authoritative Reports and Resources Rita Tehan Information Research Specialist July 18, 2013 CRS Report for Congress Prepared for Members and Committees of Congress Congressional Research
More informationHow To Protect Yourself From Cyber Crime
Cybersecurity: Authoritative Reports and Resources Rita Tehan Information Research Specialist October 25, 2013 Congressional Research Service 7-5700 www.crs.gov R42507 c11173008 Cybersecurity: Authoritative
More informationThe Aviation Information Sharing and Analysis Center (A-ISAC)
The Aviation Information Sharing and Analysis Center (A-ISAC) Faye Francy Aviation ISAC March 2015 The Threat A National Security Issue Rapidly escalating cyber threats Executive action Executive Order
More informationWritten Statement of Richard Dewey Executive Vice President New York Independent System Operator
Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Senate Standing Committee on Veterans, Homeland Security and Military Affairs Senator Thomas D. Croci, Chairman
More informationCybersecurity Audit Why are we still Vulnerable? November 30, 2015
Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 John R. Robles, CISA, CISM, CRISC www.johnrrobles.com jrobles@coqui.net 787-647-3961 John R. Robles- 787-647-3961 1 9/11-2001 The event
More informationDEFINING CYBERSECURITY GROWTH CATALYSTS & LEGISLATION
DEFINING CYBERSECURITY GROWTH CATALYSTS & LEGISLATION GROWTH CATALYSTS & LEGISLATION The current policy funding and policy landscape surrounding cybersecurity initiatives and funding is convoluted with
More informationTHE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013
THE WHITE HOUSE Office of the Press Secretary For Immediate Release February 12, 2013 February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical Infrastructure Security and Resilience The
More informationOn the European experience in critical infrastructure protection
DCAF a centre for security, development and the rule of law On the European experience in critical infrastructure protection Valeri R. RATCHEV ratchevv@yahoo.com @ratchevv DCAF/CSDM 1 This presentation
More informationCyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record
Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications
More informationWhich cybersecurity standard is most relevant for a water utility?
Which cybersecurity standard is most relevant for a water utility? Don Dickinson 1 * 1 Don Dickinson, Phoenix Contact USA, 586 Fulling Mill Road, Middletown, Pennsylvania, USA, 17057 (*correspondence:
More informationIn This Issue: Finance & Legal Edition. Voice. Cybersecurity Developments Raise Growing Regulatory Concerns For Undersea Cable Industry
Voice of the Industry 69 m a r 2013 ISSN 1948-3031 Finance & Legal Edition In This Issue: Cybersecurity Developments Raise Growing Regulatory Concerns For Undersea Cable Industry Current Legal Trends And
More informationBilling Code: 3510-EA
Billing Code: 3510-EA DEPARTMENT OF COMMERCE Office of the Secretary National Institute of Standards and Technology National Telecommunications and Information Administration [Docket Number: 130206115-3115-01]
More informationDepartment of Homeland Security Information Sharing Strategy
Securing Homeland the Homeland Through Through Information Information Sharing Sharing and Collaboration and Collaboration Department of Homeland Security April 18, 2008 for the Department of Introduction
More informationCybersecurity: Authoritative Reports and Resources
Cybersecurity: Authoritative Reports and Resources Rita Tehan Information Research Specialist July 11, 2013 CRS Report for Congress Prepared for Members and Committees of Congress Congressional Research
More informationWater Security Issues: The Federal Perspective. J. Alan Roberson, P.E. Director of Security and Regulatory Affairs AWWA Washington, DC
Water Security Issues: The Federal Perspective J. Alan Roberson, P.E. Director of Security and Regulatory Affairs AWWA Washington, DC Outline The Overall Concept for Water Security What s Important in
More informationCritical Infrastructure Security and Resilience
U.S. Department of Homeland Security in partnership with the National Coordination Office for Space-Based Positioning, Navigation and Timing Critical Infrastructure Security and Resilience International
More informationBusiness Continuity for Cyber Threat
Business Continuity for Cyber Threat April 1, 2014 Workshop Session #3 3:00 5:30 PM Susan Rogers, MBCP, MBCI Cyberwise CP S2 What happens when a computer program can activate physical machinery? Between
More informationCybersecurity Framework: Current Status and Next Steps
Cybersecurity Framework: Current Status and Next Steps Federal Advisory Committee on Insurance November 6, 2014 Adam Sedgewick Senior IT Policy Advisor Adam.Sedgewick@nist.gov National Institute of Standards
More informationPreventing and Defending Against Cyber Attacks November 2010
Preventing and Defending Against Cyber Attacks November 2010 The Nation s first ever Quadrennial Homeland Security Review (QHSR), delivered to Congress in February 2010, identified safeguarding and securing
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity Executive Order 13636 Improving Critical Infrastructure Cybersecurity 2014 ISACA Pittsburgh Information Security Awareness Day Victoria Yan
More informationJOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.
JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President
More informationSubject: National Preparedness
For Immediate Release Office of the Press Secretary The White House December 17, 2003 Homeland Security Presidential Directive / HSPD-8 Subject: National Preparedness Purpose (1) This directive establishes
More informationComputer Network Security & Privacy Protection
Overview Computer Network Security & Privacy Protection The Nation s electronic information infrastructure is vital to the functioning of the Government as well as maintaining the Nation s economy and
More informationCLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS
CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS NEW YORK Jeremy Feigelson jfeigelson@debevoise.com WASHINGTON, D.C. Satish M. Kini smkini@debevoise.com Renee
More informationCybersecurity for Medical Devices
Cybersecurity for Medical Devices Suzanne O Shea Kathleen Rice January 29, 2015 Why Is This Important? Security Risks in the Sensors of Implantable Medical Devices Over the last year, we ve seen an uptick
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity April 2016 cyberframework@nist.gov Pre-Cybersecurity Framework Threat Landscape 79% of reported victims were targets of opportunity 96% of
More informationCybersecurity: Authoritative Reports and Resources
Cybersecurity: Authoritative Reports and Resources Rita Tehan Information Research Specialist September 20, 2013 Congressional Research Service 7-5700 www.crs.gov R42507 Cybersecurity: Authoritative Reports
More informationIAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope
IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope March 6, 2014 Victoria King UPS (404) 828-6550 vking@ups.com Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com
More informationWhat are you trying to secure against Cyber Attack?
Cybersecurity Legal Landscape Bonnie Harrington Executive Counsel EHS and Product Safety & Cybersecurity GE Energy Management Imagination at work. What are you trying to secure against Cyber Attack? Personally
More informationSeptember 28, 2 012 MEMORANDUM FOR. MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President
004216 THE WHITE HOUSE WASHINGTON MEMORANDUM FOR September 28, 2 012 MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President MR. STEPHEN D. MULL Executive
More informationCybersecurity: Authoritative Reports and Resources
Cybersecurity: Authoritative Reports and Resources Rita Tehan Information Research Specialist August 16, 2013 Congressional Research Service 7-5700 www.crs.gov R42507 Cybersecurity: Authoritative Reports
More informationLessons Learned from a Basic Vulnerability Assessment and Emergency Response Plan Update Project in Greensboro
Lessons Learned from a Basic Vulnerability Assessment and Emergency Response Plan Update Project in Greensboro Steve Drew, Director, Greensboro Water Resources Department Jack Moyer, Carolinas / Tennessee
More informationGOVERNMENT OF THE REPUBLIC OF LITHUANIA
GOVERNMENT OF THE REPUBLIC OF LITHUANIA RESOLUTION NO 796 of 29 June 2011 ON THE APPROVAL OF THE PROGRAMME FOR THE DEVELOPMENT OF ELECTRONIC INFORMATION SECURITY (CYBER-SECURITY) FOR 20112019 Vilnius For
More informationGAO. IT SUPPLY CHAIN Additional Efforts Needed by National Security- Related Agencies to Address Risks
GAO For Release on Delivery Expected at 10:00 a.m. EDT Tuesday, March 27, 2012 United States Government Accountability Office Testimony Before the Subcommittee on Oversight and Investigations, Committee
More informationCyber Legislation & Policy Developments 2014
Cyber Legislation & Policy Developments 2014 SESSION ID: LAW-Fo2 Michael A. Aisenberg, Esq. Chair, ABA Information Security Committee Policy Task Force ABA Section on Science & Technology Law Principal
More informationThank you for your very kind introduction.
AMBASSADOR S REMARKS FOR CYBER SECURITY CONFERENCE ( NATIONAL SECURITY IN THE INFORMATION AGE ) AZERBAIJAN DIPLOMATIC ACADEMY (ADA) UNIVERSITY APRIL 13, 2015 AT 9:30AM Thank you for your very kind introduction.
More informationEstablishing A Secure & Resilient Water Sector. Overview. Legislative Drivers
Establishing A Secure & Resilient Water Sector December 14-15, 2010 LWQTC Overview Key Drivers Legislation Presidential Directives AWWA & Sector Initiatives Standards & Guidance Mutual Aid & Assistance
More informationAn Overview of Large US Military Cybersecurity Organizations
An Overview of Large US Military Cybersecurity Organizations Colonel Bruce D. Caulkins, Ph.D. Chief, Cyber Strategy, Plans, Policy, and Exercises Division United States Pacific Command 2 Agenda United
More informationA BRIEF HISTORY OF THE INFORMATION SHARING ENVIRONMENT (ISE)
A BRIEF HISTORY OF THE INFORMATION SHARING ENVIRONMENT (ISE) As the nation enters the second decade following the terrorist attacks of September 11, 2001, our information sharing challenges are maturing.
More informationCybersecurity: Authoritative Reports and Resources
Cybersecurity: Authoritative Reports and Resources Rita Tehan Information Research Specialist March 20, 2013 CRS Report for Congress Prepared for Members and Committees of Congress Congressional Research
More informationBrief Documentary History of the Department of Homeland Security
Brief Documentary History of the Department of Homeland Security 2001 2008 History Office Table of Contents Introductory Note... 2 Homeland Security Before September 11... 3 The Office of Homeland Security...
More informationCybersecurity: Legislation, Hearings, and Executive Branch Documents
Cybersecurity: Legislation, Hearings, and Executive Branch Documents Rita Tehan Information Research Specialist November 17, 2015 Congressional Research Service 7-5700 www.crs.gov R43317 Cybersecurity:
More informationIntegrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education
Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education Amy Banks, U.S. Department of Education, Center for School Preparedness, Office of Safe and Healthy Students Hamed Negron-Perez,
More informationApplying Framework to Mobile & BYOD
Applying Framework to Mobile & BYOD Framework for Improving Critical Infrastructure Cybersecurity National Association of Attorneys General Southern Region Meeting 13 March 2015 cyberframework@nist.gov
More informationWikiLeaks Document Release
WikiLeaks Document Release February 2, 2009 Congressional Research Service Report RL30153 Critical Infrastructures: Background, Policy, and Implementation John D. Moteff, Resources, Science, and Industry
More informationNo. 33 February 19, 2013. The President
Vol. 78 Tuesday, No. 33 February 19, 2013 Part III The President Executive Order 13636 Improving Critical Infrastructure Cybersecurity VerDate Mar2010 17:57 Feb 15, 2013 Jkt 229001 PO 00000 Frm 00001
More informationNational Cyber Security Strategies: United States
National Cyber Security Strategies: United States Audrey L. Plonk Director, Cybersecurity and Internet Governance Intel Corporation 1 ICSS 2013 Trends: National Cybersecurity Strategies New strategies
More informationExecutive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014
Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework September 23, 2014 Executive Order: Improving Critical Infrastructure Cybersecurity It is the policy of the United States to
More informationSTATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE;
STATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE; LIEUTENANT GENERAL JAMES K. MCLAUGHLIN DEPUTY COMMANDER,
More informationIntegrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs)
Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs) Amy Banks, U.S. Department of Education, Center for School Preparedness, Office of Safe and
More informationCybersecurity and Corporate America: Finding Opportunities in the New Executive Order
Executive Order: In the President s State of the Union Address on February 12, 2013, he announced an Executive Order Improving Critical Infrastructure Cybersecurity (EO) to strengthen US cyber defenses
More informationCybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues
Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues Todd Bertoson Daniel Gibb Erin Sheppard Principal Senior Managing Associate Counsel todd.bertoson@dentons.com
More informationNIST Cybersecurity Framework What It Means for Energy Companies
Daniel E. Frank J.J. Herbert Mark Thibodeaux NIST Cybersecurity Framework What It Means for Energy Companies November 14, 2013 Your Panelists Dan Frank J.J. Herbert Mark Thibodeaux 2 Overview The Cyber
More informationCybersecurity: Legislation, Hearings, and Executive Branch Documents
CRS Reports & Analysis Print Cybersecurity: Legislation, Hearings, and Executive Branch Documents Rita Tehan, Information Research Specialist (rtehan@crs.loc.gov, 7-6739) View Key CRS Policy Staff May
More informationCForum: A Community Driven Solution to Cybersecurity Challenges
SESSION ID: AST3-R01 CForum: A Community Driven Solution to Cybersecurity Challenges Tom Conkle Cybersecurity Engineer G2, Inc. @TomConkle Greg Witte Sr. Security Engineer G2, Inc. @thenetworkguy Organizations
More informationCybersecurity: Authoritative Reports and Resources
Cybersecurity: Authoritative Reports and Resources Rita Tehan Information Research Specialist September 20, 2013 Congressional Research Service 7-5700 www.crs.gov R42507 We Teach What You NEED TO KNOW
More informationDiane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899
Submitted via email: cyberframework@nist.gov April 8, 2013 Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Re: Developing a Framework
More informationTerms of Reference for the Review of the OECD Guidelines for the Security of Information Systems and Networks
Please cite this paper as: OECD (2012), Terms of Reference for the Review of the OECD Guidelines for the Security of Information Systems and Networks, OECD Digital Economy Papers, No. 210, OECD Publishing.
More informationAppropr iated Accounts Department-wide Systems and Capital Investment Program
Department-wide Systems and Capital Investment Program Mission: To modernize business processes and increase efficiencies throughout the Department of Treasury through technology investments. Program Summary
More informationHow To Write A National Cybersecurity Act
ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses
More informationJOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015
JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement
More informationCRITICAL INFRASTRUCTURE PROTECTION. DHS Action Needed to Enhance Integration and Coordination of Vulnerability Assessment Efforts
United States Government Accountability Office Report to Congressional Requesters September 2014 CRITICAL INFRASTRUCTURE PROTECTION DHS Action Needed to Enhance Integration and Coordination of Vulnerability
More informationWith the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS
How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning The world has experienced a great deal of natural and man-made upheaval and destruction in the past few years, including tornadoes,
More informationCybersecurity: Authoritative Reports and Resources
Cybersecurity: Authoritative Reports and Resources Rita Tehan Information Research Specialist April 17, 2013 CRS Report for Congress Prepared for Members and Committees of Congress Congressional Research
More informationApril 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899
Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,
More informationPresidential Summit Reveals Cybersecurity Concerns, Trends
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Presidential Summit Reveals Cybersecurity Concerns,
More informationHOMELAND SECURITY INTERNET SOURCES
I&S Internet Sources I&S HOMELAND SECURITY INTERNET SOURCES USEFUL SITES, PORTALS AND FORUMS Homeland Security Home Page http://www.whitehouse.gov/homeland/ A federal agency whose primary mission is to
More informationArent Fox Telecommunications
Arent Fox Telecommunications Public Safety, Homeland Security and Defense Update September 2009 Vol. II The Arent Fox Telecommunications Group has a dedicated practice area focused on issues related to
More informationHow To Improve Federal Network Security
Department of Federal Network Trusted Internet Connections (TIC) Update for the Information and Privacy Advisory Board July 29, 2009 Federal Network (FNS) Federal Network Branch Branch Vision: To be the
More informationThe Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco.
The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco. 1 Calling All CEOs Are You Ready to Defend the Battlefield of the 21st Century? It is not the norm for corporations to be
More informationCYBER SECURITY STRATEGY OF THE CZECH REPUBLIC FOR THE 2011 2015 PERIOD
CYBER SECURITY STRATEGY OF THE CZECH REPUBLIC FOR THE 2011 2015 PERIOD The 2011 2015 Cyber Security Strategy of the Czech Republic is linked to the Security Strategy of the Czech Republic and reflects
More informationCOMMENTS OF THE TELECOMMUNICATIONS INDUSTRY ASSOCIATION
February 23, 2016 Via Electronic Filing (cyberframework@nist.gov) Re: National Institute of Standards and Technology s Notice and Request for Information, Views on the Framework for Improving Critical
More informationSupplemental Tool: Executing A Critical Infrastructure Risk Management Approach
Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach Executing a Critical Infrastructure Risk Management Approach Risk is defined as the potential for an unwanted outcome resulting
More informationSupplemental Tool: NPPD Resources to Support Vulnerability Assessments
Supplemental Tool: NPPD Resources to Support Vulnerability Assessments NPPD Resources to Support Vulnerability Assessments Assessing vulnerabilities of critical infrastructure is an important step in developing
More informationBSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012
To: From: Subject: Status: Date of Meeting: BSO Board Director of Human Resources & Corporate Services Business Continuity Policy For Approval 28 February 2012 The Board is asked to agree the attached
More informationCybersecurity: Legislation, Hearings, and Executive Branch Documents
Cybersecurity: Legislation, Hearings, and Executive Branch Documents Rita Tehan, Information Research Specialist (rtehan@crs.loc.gov, 7-6739) April 17, (R43317) Summary Cybersecurity vulnerabilities challenge
More informationInformation Security Standards in Critical Infrastructure Protection
Information Security Standards in Critical Infrastructure Protection Berlin 11/11/2015 Alessandro Guarino StudioAG Introduction Computers everywhere! ICT Technologies pervasive even in very analog settings:
More informationWater Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary
Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary May 2007 Environmental Protection Agency Executive Summary
More informationS. ll IN THE SENATE OF THE UNITED STATES
OLL0 TH CONGRESS ST SESSION S. ll To secure the United States against cyber attack, to improve communication and collaboration between the private sector and the Federal Government, to enhance American
More informationGAO DEPARTMENT OF HOMELAND SECURITY. Actions Taken Toward Management Integration, but a Comprehensive Strategy Is Still Needed
GAO November 2009 United States Government Accountability Office Report to the Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia, Committee on Homeland
More informationNational Infrastructure Protection Plan Partnering to enhance protection and resiliency
National Infrastructure Protection Plan Partnering to enhance protection and resiliency 2009 Preface Risk in the 21st century results from a complex mix of manmade and naturally occurring threats and
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationLessons from Defending Cyberspace
Lessons from Defending Cyberspace The Challenge of Addressing National Cyber Risk Andy Purdy Workshop on Cyber Security Center for American Studies, Christopher Newport College 10 28-2009 Cyber Threat
More information